<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[39957] branches/4.7: REST API: Unify object access handling for simplicity.</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta" style="font-size: 105%">
<dt style="float: left; width: 6em; font-weight: bold">Revision</dt> <dd><a style="font-weight: bold" href="https://core.trac.wordpress.org/changeset/39957">39957</a><script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","description":"Review this Commit","action":{"@type":"ViewAction","url":"https://core.trac.wordpress.org/changeset/39957","name":"Review Commit"}}</script></dd>
<dt style="float: left; width: 6em; font-weight: bold">Author</dt> <dd>ocean90</dd>
<dt style="float: left; width: 6em; font-weight: bold">Date</dt> <dd>2017-01-26 13:46:54 +0000 (Thu, 26 Jan 2017)</dd>
</dl>
<pre style='padding-left: 1em; margin: 2em 0; border-left: 2px solid #ccc; line-height: 1.25; font-size: 105%; font-family: sans-serif'>REST API: Unify object access handling for simplicity.
Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters.
Merge of <a href="https://core.trac.wordpress.org/changeset/39954">[39954]</a> to the 4.7 branch.
See <a href="https://core.trac.wordpress.org/ticket/38792">#38792</a>.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#branches47srcwpincludesrestapiendpointsclasswprestcommentscontrollerphp">branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php</a></li>
<li><a href="#branches47srcwpincludesrestapiendpointsclasswprestpoststatusescontrollerphp">branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-post-statuses-controller.php</a></li>
<li><a href="#branches47srcwpincludesrestapiendpointsclasswprestposttypescontrollerphp">branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-post-types-controller.php</a></li>
<li><a href="#branches47srcwpincludesrestapiendpointsclasswprestpostscontrollerphp">branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php</a></li>
<li><a href="#branches47srcwpincludesrestapiendpointsclasswprestrevisionscontrollerphp">branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php</a></li>
<li><a href="#branches47srcwpincludesrestapiendpointsclasswpresttaxonomiescontrollerphp">branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-taxonomies-controller.php</a></li>
<li><a href="#branches47srcwpincludesrestapiendpointsclasswpresttermscontrollerphp">branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php</a></li>
<li><a href="#branches47srcwpincludesrestapiendpointsclasswprestuserscontrollerphp">branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php</a></li>
<li><a href="#branches47srcwpincludesrestapiphp">branches/4.7/src/wp-includes/rest-api.php</a></li>
<li><a href="#branches47testsphpunittestsrestapirestattachmentscontrollerphp">branches/4.7/tests/phpunit/tests/rest-api/rest-attachments-controller.php</a></li>
<li><a href="#branches47testsphpunittestsrestapirestcommentscontrollerphp">branches/4.7/tests/phpunit/tests/rest-api/rest-comments-controller.php</a></li>
<li><a href="#branches47testsphpunittestsrestapirestpostscontrollerphp">branches/4.7/tests/phpunit/tests/rest-api/rest-posts-controller.php</a></li>
<li><a href="#branches47testsphpunittestsrestapirestuserscontrollerphp">branches/4.7/tests/phpunit/tests/rest-api/rest-users-controller.php</a></li>
</ul>
<h3>Property Changed</h3>
<ul>
<li><a href="#branches47">branches/4.7/</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<span class="cx" style="display: block; padding: 0 10px">Index: branches/4.7
</span><span class="cx" style="display: block; padding: 0 10px">===================================================================
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">--- branches/4.7 2017-01-26 13:40:17 UTC (rev 39956)
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+++ branches/4.7 2017-01-26 13:46:54 UTC (rev 39957)
</ins><a id="branches47"></a>
<div class="propset"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Property changes: branches/4.7</h4>
<pre class="diff"><span>
</span></pre></div>
<a id="svnmergeinfo"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: svn:mergeinfo</h4></div>
<span class="cx" style="display: block; padding: 0 10px"> /branches/3.1:18031
</span><span class="cx" style="display: block; padding: 0 10px"> /branches/3.3:20543
</span><span class="cx" style="display: block; padding: 0 10px"> /branches/3.4:21757
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-/trunk:18512,39365,39367,39369,39371,39373,39375-39376,39378,39380,39382,39384,39386,39388,39390,39392-39393,39396-39397,39400,39402,39404,39406,39409,39411,39413,39415,39417-39420,39424,39426,39428,39430,39432-39434,39436,39438,39440,39442-39444,39447,39449-39451,39453,39455-39457,39460,39462,39464,39466,39468,39470-39471,39475,39477-39478,39482-39483,39487-39488,39490,39495-39496,39499,39502,39504,39506,39508,39510,39512,39514,39517,39520,39522,39545-39547,39557-39563,39565,39578,39580-39581,39584,39586,39594-39595,39597-39599,39601,39603,39612-39613,39616-39617,39619-39623,39626,39635,39640,39645,39649,39657,39659,39663,39677-39678,39680-39681,39684-39685,39688-39689,39692,39720,39742,39744,39759-39760,39772,39795,39807-39808,39831,39843,39848,39850,39952
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+/trunk:18512,39365,39367,39369,39371,39373,39375-39376,39378,39380,39382,39384,39386,39388,39390,39392-39393,39396-39397,39400,39402,39404,39406,39409,39411,39413,39415,39417-39420,39424,39426,39428,39430,39432-39434,39436,39438,39440,39442-39444,39447,39449-39451,39453,39455-39457,39460,39462,39464,39466,39468,39470-39471,39475,39477-39478,39482-39483,39487-39488,39490,39495-39496,39499,39502,39504,39506,39508,39510,39512,39514,39517,39520,39522,39545-39547,39557-39563,39565,39578,39580-39581,39584,39586,39594-39595,39597-39599,39601,39603,39612-39613,39616-39617,39619-39623,39626,39635,39640,39645,39649,39657,39659,39663,39677-39678,39680-39681,39684-39685,39688-39689,39692,39720,39742,39744,39759-39760,39772,39795,39807-39808,39831,39843,39848,39850,39952,39954
</ins><span class="cx" style="display: block; padding: 0 10px">\ No newline at end of property
</span><a id="branches47srcwpincludesrestapiendpointsclasswprestcommentscontrollerphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php 2017-01-26 13:40:17 UTC (rev 39956)
+++ branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php 2017-01-26 13:46:54 UTC (rev 39957)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -63,6 +63,12 @@
</span><span class="cx" style="display: block; padding: 0 10px"> ) );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array(
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ 'args' => array(
+ 'id' => array(
+ 'description' => __( 'Unique identifier for the object.' ),
+ 'type' => 'integer',
+ ),
+ ),
</ins><span class="cx" style="display: block; padding: 0 10px"> array(
</span><span class="cx" style="display: block; padding: 0 10px"> 'methods' => WP_REST_Server::READABLE,
</span><span class="cx" style="display: block; padding: 0 10px"> 'callback' => array( $this, 'get_item' ),
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -300,6 +306,36 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Get the comment, if the ID is valid.
+ *
+ * @since 4.7.2
+ *
+ * @param int $id Supplied ID.
+ * @return WP_Comment|WP_Error Comment object if ID is valid, WP_Error otherwise.
+ */
+ protected function get_comment( $id ) {
+ $error = new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment ID.' ), array( 'status' => 404 ) );
+ if ( (int) $id <= 0 ) {
+ return $error;
+ }
+
+ $id = (int) $id;
+ $comment = get_comment( $id );
+ if ( empty( $comment ) ) {
+ return $error;
+ }
+
+ if ( ! empty( $comment->comment_post_ID ) ) {
+ $post = get_post( (int) $comment->comment_post_ID );
+ if ( empty( $post ) ) {
+ return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) );
+ }
+ }
+
+ return $comment;
+ }
+
+ /**
</ins><span class="cx" style="display: block; padding: 0 10px"> * Checks if a given request has access to read the comment.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 4.7.0
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -309,12 +345,9 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return WP_Error|bool True if the request has read access for the item, error object otherwise.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function get_item_permissions_check( $request ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $id = (int) $request['id'];
-
- $comment = get_comment( $id );
-
- if ( ! $comment ) {
- return true;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $comment = $this->get_comment( $request['id'] );
+ if ( is_wp_error( $comment ) ) {
+ return $comment;
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> if ( ! empty( $request['context'] ) && 'edit' === $request['context'] && ! current_user_can( 'moderate_comments' ) ) {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -344,20 +377,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return WP_Error|WP_REST_Response Response object on success, or error object on failure.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function get_item( $request ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $id = (int) $request['id'];
-
- $comment = get_comment( $id );
- if ( empty( $comment ) ) {
- return new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment ID.' ), array( 'status' => 404 ) );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $comment = $this->get_comment( $request['id'] );
+ if ( is_wp_error( $comment ) ) {
+ return $comment;
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( ! empty( $comment->comment_post_ID ) ) {
- $post = get_post( $comment->comment_post_ID );
- if ( empty( $post ) ) {
- return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) );
- }
- }
-
</del><span class="cx" style="display: block; padding: 0 10px"> $data = $this->prepare_item_for_response( $comment, $request );
</span><span class="cx" style="display: block; padding: 0 10px"> $response = rest_ensure_response( $data );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -624,12 +648,12 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return WP_Error|bool True if the request has access to update the item, error object otherwise.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function update_item_permissions_check( $request ) {
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $comment = $this->get_comment( $request['id'] );
+ if ( is_wp_error( $comment ) ) {
+ return $comment;
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $id = (int) $request['id'];
-
- $comment = get_comment( $id );
-
- if ( $comment && ! $this->check_edit_permission( $comment ) ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( ! $this->check_edit_permission( $comment ) ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this comment.' ), array( 'status' => rest_authorization_required_code() ) );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -646,14 +670,13 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return WP_Error|WP_REST_Response Response object on success, or error object on failure.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function update_item( $request ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $id = (int) $request['id'];
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $comment = $this->get_comment( $request['id'] );
+ if ( is_wp_error( $comment ) ) {
+ return $comment;
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $comment = get_comment( $id );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $id = $comment->comment_ID;
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( empty( $comment ) ) {
- return new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment ID.' ), array( 'status' => 404 ) );
- }
-
</del><span class="cx" style="display: block; padding: 0 10px"> if ( isset( $request['type'] ) && get_comment_type( $id ) !== $request['type'] ) {
</span><span class="cx" style="display: block; padding: 0 10px"> return new WP_Error( 'rest_comment_invalid_type', __( 'Sorry, you are not allowed to change the comment type.' ), array( 'status' => 404 ) );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -744,11 +767,9 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return WP_Error|bool True if the request has access to delete the item, error object otherwise.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function delete_item_permissions_check( $request ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $id = (int) $request['id'];
- $comment = get_comment( $id );
-
- if ( ! $comment ) {
- return new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment ID.' ), array( 'status' => 404 ) );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $comment = $this->get_comment( $request['id'] );
+ if ( is_wp_error( $comment ) ) {
+ return $comment;
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> if ( ! $this->check_edit_permission( $comment ) ) {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -767,15 +788,13 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return WP_Error|WP_REST_Response Response object on success, or error object on failure.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function delete_item( $request ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $id = (int) $request['id'];
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $comment = $this->get_comment( $request['id'] );
+ if ( is_wp_error( $comment ) ) {
+ return $comment;
+ }
+
</ins><span class="cx" style="display: block; padding: 0 10px"> $force = isset( $request['force'] ) ? (bool) $request['force'] : false;
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $comment = get_comment( $id );
-
- if ( empty( $comment ) ) {
- return new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment ID.' ), array( 'status' => 404 ) );
- }
-
</del><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * Filters whether a comment can be trashed.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span></span></pre></div>
<a id="branches47srcwpincludesrestapiendpointsclasswprestpoststatusescontrollerphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-post-statuses-controller.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-post-statuses-controller.php 2017-01-26 13:40:17 UTC (rev 39956)
+++ branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-post-statuses-controller.php 2017-01-26 13:46:54 UTC (rev 39957)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -48,6 +48,12 @@
</span><span class="cx" style="display: block; padding: 0 10px"> ) );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<status>[\w-]+)', array(
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ 'args' => array(
+ 'status' => array(
+ 'description' => __( 'An alphanumeric identifier for the status.' ),
+ 'type' => 'string',
+ ),
+ ),
</ins><span class="cx" style="display: block; padding: 0 10px"> array(
</span><span class="cx" style="display: block; padding: 0 10px"> 'methods' => WP_REST_Server::READABLE,
</span><span class="cx" style="display: block; padding: 0 10px"> 'callback' => array( $this, 'get_item' ),
</span></span></pre></div>
<a id="branches47srcwpincludesrestapiendpointsclasswprestposttypescontrollerphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-post-types-controller.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-post-types-controller.php 2017-01-26 13:40:17 UTC (rev 39956)
+++ branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-post-types-controller.php 2017-01-26 13:46:54 UTC (rev 39957)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -48,6 +48,12 @@
</span><span class="cx" style="display: block; padding: 0 10px"> ) );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<type>[\w-]+)', array(
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ 'args' => array(
+ 'type' => array(
+ 'description' => __( 'An alphanumeric identifier for the post type.' ),
+ 'type' => 'string',
+ ),
+ ),
</ins><span class="cx" style="display: block; padding: 0 10px"> array(
</span><span class="cx" style="display: block; padding: 0 10px"> 'methods' => WP_REST_Server::READABLE,
</span><span class="cx" style="display: block; padding: 0 10px"> 'callback' => array( $this, 'get_item' ),
</span></span></pre></div>
<a id="branches47srcwpincludesrestapiendpointsclasswprestpostscontrollerphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php 2017-01-26 13:40:17 UTC (rev 39956)
+++ branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php 2017-01-26 13:46:54 UTC (rev 39957)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -88,6 +88,12 @@
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array(
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ 'args' => array(
+ 'id' => array(
+ 'description' => __( 'Unique identifier for the object.' ),
+ 'type' => 'integer',
+ ),
+ ),
</ins><span class="cx" style="display: block; padding: 0 10px"> array(
</span><span class="cx" style="display: block; padding: 0 10px"> 'methods' => WP_REST_Server::READABLE,
</span><span class="cx" style="display: block; padding: 0 10px"> 'callback' => array( $this, 'get_item' ),
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -350,6 +356,28 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Get the post, if the ID is valid.
+ *
+ * @since 4.7.2
+ *
+ * @param int $id Supplied ID.
+ * @return WP_Post|WP_Error Post object if ID is valid, WP_Error otherwise.
+ */
+ protected function get_post( $id ) {
+ $error = new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) );
+ if ( (int) $id <= 0 ) {
+ return $error;
+ }
+
+ $post = get_post( (int) $id );
+ if ( empty( $post ) || empty( $post->ID ) || $this->post_type !== $post->post_type ) {
+ return $error;
+ }
+
+ return $post;
+ }
+
+ /**
</ins><span class="cx" style="display: block; padding: 0 10px"> * Checks if a given request has access to read a post.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 4.7.0
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -359,9 +387,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return bool|WP_Error True if the request has read access for the item, WP_Error object otherwise.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function get_item_permissions_check( $request ) {
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $post = $this->get_post( $request['id'] );
+ if ( is_wp_error( $post ) ) {
+ return $post;
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $post = get_post( (int) $request['id'] );
-
</del><span class="cx" style="display: block; padding: 0 10px"> if ( 'edit' === $request['context'] && $post && ! $this->check_update_permission( $post ) ) {
</span><span class="cx" style="display: block; padding: 0 10px"> return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit this post.' ), array( 'status' => rest_authorization_required_code() ) );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -428,18 +458,16 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function get_item( $request ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $id = (int) $request['id'];
- $post = get_post( $id );
-
- if ( empty( $id ) || empty( $post->ID ) || $this->post_type !== $post->post_type ) {
- return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $post = $this->get_post( $request['id'] );
+ if ( is_wp_error( $post ) ) {
+ return $post;
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $data = $this->prepare_item_for_response( $post, $request );
</span><span class="cx" style="display: block; padding: 0 10px"> $response = rest_ensure_response( $data );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> if ( is_post_type_viewable( get_post_type_object( $post->post_type ) ) ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $response->link_header( 'alternate', get_permalink( $id ), array( 'type' => 'text/html' ) );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $response->link_header( 'alternate', get_permalink( $post->ID ), array( 'type' => 'text/html' ) );
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> return $response;
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -455,6 +483,9 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return true|WP_Error True if the request has access to create items, WP_Error object otherwise.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function create_item_permissions_check( $request ) {
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( ! empty( $request['id'] ) ) {
+ return new WP_Error( 'rest_post_exists', __( 'Cannot create existing post.' ), array( 'status' => 400 ) );
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $post_type = get_post_type_object( $this->post_type );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -591,8 +622,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function update_item_permissions_check( $request ) {
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $post = $this->get_post( $request['id'] );
+ if ( is_wp_error( $post ) ) {
+ return $post;
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $post = get_post( $request['id'] );
</del><span class="cx" style="display: block; padding: 0 10px"> $post_type = get_post_type_object( $this->post_type );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> if ( $post && ! $this->check_update_permission( $post ) ) {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -624,11 +658,9 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function update_item( $request ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $id = (int) $request['id'];
- $post = get_post( $id );
-
- if ( empty( $id ) || empty( $post->ID ) || $this->post_type !== $post->post_type ) {
- return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $valid_check = $this->get_post( $request['id'] );
+ if ( is_wp_error( $valid_check ) ) {
+ return $valid_check;
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $post = $this->prepare_item_for_database( $request );
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -714,9 +746,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function delete_item_permissions_check( $request ) {
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $post = $this->get_post( $request['id'] );
+ if ( is_wp_error( $post ) ) {
+ return $post;
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $post = get_post( $request['id'] );
-
</del><span class="cx" style="display: block; padding: 0 10px"> if ( $post && ! $this->check_delete_permission( $post ) ) {
</span><span class="cx" style="display: block; padding: 0 10px"> return new WP_Error( 'rest_cannot_delete', __( 'Sorry, you are not allowed to delete this post.' ), array( 'status' => rest_authorization_required_code() ) );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -734,15 +768,14 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function delete_item( $request ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $id = (int) $request['id'];
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $post = $this->get_post( $request['id'] );
+ if ( is_wp_error( $post ) ) {
+ return $post;
+ }
+
+ $id = $post->ID;
</ins><span class="cx" style="display: block; padding: 0 10px"> $force = (bool) $request['force'];
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $post = get_post( $id );
-
- if ( empty( $id ) || empty( $post->ID ) || $this->post_type !== $post->post_type ) {
- return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) );
- }
-
</del><span class="cx" style="display: block; padding: 0 10px"> $supports_trash = ( EMPTY_TRASH_DAYS > 0 );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> if ( 'attachment' === $post->post_type ) {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -901,7 +934,12 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> // Post ID.
</span><span class="cx" style="display: block; padding: 0 10px"> if ( isset( $request['id'] ) ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $prepared_post->ID = absint( $request['id'] );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $existing_post = $this->get_post( $request['id'] );
+ if ( is_wp_error( $existing_post ) ) {
+ return $existing_post;
+ }
+
+ $prepared_post->ID = $existing_post->ID;
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $schema = $this->get_item_schema();
</span></span></pre></div>
<a id="branches47srcwpincludesrestapiendpointsclasswprestrevisionscontrollerphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php 2017-01-26 13:40:17 UTC (rev 39956)
+++ branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php 2017-01-26 13:46:54 UTC (rev 39957)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -71,6 +71,12 @@
</span><span class="cx" style="display: block; padding: 0 10px"> public function register_routes() {
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> register_rest_route( $this->namespace, '/' . $this->parent_base . '/(?P<parent>[\d]+)/' . $this->rest_base, array(
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ 'args' => array(
+ 'parent' => array(
+ 'description' => __( 'The ID for the parent of the object.' ),
+ 'type' => 'integer',
+ ),
+ ),
</ins><span class="cx" style="display: block; padding: 0 10px"> array(
</span><span class="cx" style="display: block; padding: 0 10px"> 'methods' => WP_REST_Server::READABLE,
</span><span class="cx" style="display: block; padding: 0 10px"> 'callback' => array( $this, 'get_items' ),
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -81,6 +87,16 @@
</span><span class="cx" style="display: block; padding: 0 10px"> ) );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> register_rest_route( $this->namespace, '/' . $this->parent_base . '/(?P<parent>[\d]+)/' . $this->rest_base . '/(?P<id>[\d]+)', array(
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ 'args' => array(
+ 'parent' => array(
+ 'description' => __( 'The ID for the parent of the object.' ),
+ 'type' => 'integer',
+ ),
+ 'id' => array(
+ 'description' => __( 'Unique identifier for the object.' ),
+ 'type' => 'integer',
+ ),
+ ),
</ins><span class="cx" style="display: block; padding: 0 10px"> array(
</span><span class="cx" style="display: block; padding: 0 10px"> 'methods' => WP_REST_Server::READABLE,
</span><span class="cx" style="display: block; padding: 0 10px"> 'callback' => array( $this, 'get_item' ),
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -107,6 +123,28 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Get the parent post, if the ID is valid.
+ *
+ * @since 4.7.2
+ *
+ * @param int $id Supplied ID.
+ * @return WP_Post|WP_Error Post object if ID is valid, WP_Error otherwise.
+ */
+ protected function get_parent( $parent ) {
+ $error = new WP_Error( 'rest_post_invalid_parent', __( 'Invalid post parent ID.' ), array( 'status' => 404 ) );
+ if ( (int) $parent <= 0 ) {
+ return $error;
+ }
+
+ $parent = get_post( (int) $parent );
+ if ( empty( $parent ) || empty( $parent->ID ) || $this->parent_post_type !== $parent->post_type ) {
+ return $error;
+ }
+
+ return $parent;
+ }
+
+ /**
</ins><span class="cx" style="display: block; padding: 0 10px"> * Checks if a given request has access to get revisions.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 4.7.0
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -116,11 +154,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return true|WP_Error True if the request has read access, WP_Error object otherwise.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function get_items_permissions_check( $request ) {
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $parent = $this->get_parent( $request['parent'] );
+ if ( is_wp_error( $parent ) ) {
+ return $parent;
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $parent = get_post( $request['parent'] );
- if ( ! $parent ) {
- return true;
- }
</del><span class="cx" style="display: block; padding: 0 10px"> $parent_post_type_obj = get_post_type_object( $parent->post_type );
</span><span class="cx" style="display: block; padding: 0 10px"> if ( ! current_user_can( $parent_post_type_obj->cap->edit_post, $parent->ID ) ) {
</span><span class="cx" style="display: block; padding: 0 10px"> return new WP_Error( 'rest_cannot_read', __( 'Sorry, you are not allowed to view revisions of this post.' ), array( 'status' => rest_authorization_required_code() ) );
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -130,6 +168,28 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Get the revision, if the ID is valid.
+ *
+ * @since 4.7.2
+ *
+ * @param int $id Supplied ID.
+ * @return WP_Post|WP_Error Revision post object if ID is valid, WP_Error otherwise.
+ */
+ protected function get_revision( $id ) {
+ $error = new WP_Error( 'rest_post_invalid_id', __( 'Invalid revision ID.' ), array( 'status' => 404 ) );
+ if ( (int) $id <= 0 ) {
+ return $error;
+ }
+
+ $revision = get_post( (int) $id );
+ if ( empty( $revision ) || empty( $revision->ID ) || 'revision' !== $revision->post_type ) {
+ return $error;
+ }
+
+ return $revision;
+ }
+
+ /**
</ins><span class="cx" style="display: block; padding: 0 10px"> * Gets a collection of revisions.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 4.7.0
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -139,9 +199,9 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function get_items( $request ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $parent = get_post( $request['parent'] );
- if ( ! $request['parent'] || ! $parent || $this->parent_post_type !== $parent->post_type ) {
- return new WP_Error( 'rest_post_invalid_parent', __( 'Invalid post parent ID.' ), array( 'status' => 404 ) );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $parent = $this->get_parent( $request['parent'] );
+ if ( is_wp_error( $parent ) ) {
+ return $parent;
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $revisions = wp_get_post_revisions( $request['parent'] );
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -177,14 +237,14 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function get_item( $request ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $parent = get_post( $request['parent'] );
- if ( ! $request['parent'] || ! $parent || $this->parent_post_type !== $parent->post_type ) {
- return new WP_Error( 'rest_post_invalid_parent', __( 'Invalid post parent ID.' ), array( 'status' => 404 ) );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $parent = $this->get_parent( $request['parent'] );
+ if ( is_wp_error( $parent ) ) {
+ return $parent;
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $revision = get_post( $request['id'] );
- if ( ! $revision || 'revision' !== $revision->post_type ) {
- return new WP_Error( 'rest_post_invalid_id', __( 'Invalid revision ID.' ), array( 'status' => 404 ) );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $revision = $this->get_revision( $request['id'] );
+ if ( is_wp_error( $revision ) ) {
+ return $revision;
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $response = $this->prepare_item_for_response( $revision, $request );
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -201,18 +261,23 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return bool|WP_Error True if the request has access to delete the item, WP_Error object otherwise.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function delete_item_permissions_check( $request ) {
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $parent = $this->get_parent( $request['parent'] );
+ if ( is_wp_error( $parent ) ) {
+ return $parent;
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $revision = $this->get_revision( $request['id'] );
+ if ( is_wp_error( $revision ) ) {
+ return $revision;
+ }
+
</ins><span class="cx" style="display: block; padding: 0 10px"> $response = $this->get_items_permissions_check( $request );
</span><span class="cx" style="display: block; padding: 0 10px"> if ( ! $response || is_wp_error( $response ) ) {
</span><span class="cx" style="display: block; padding: 0 10px"> return $response;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $post = get_post( $request['id'] );
- if ( ! $post ) {
- return new WP_Error( 'rest_post_invalid_id', __( 'Invalid revision ID.' ), array( 'status' => 404 ) );
- }
</del><span class="cx" style="display: block; padding: 0 10px"> $post_type = get_post_type_object( 'revision' );
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- return current_user_can( $post_type->cap->delete_post, $post->ID );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ return current_user_can( $post_type->cap->delete_post, $revision->ID );
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -225,6 +290,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return true|WP_Error True on success, or WP_Error object on failure.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function delete_item( $request ) {
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $revision = $this->get_revision( $request['id'] );
+ if ( is_wp_error( $revision ) ) {
+ return $revision;
+ }
+
</ins><span class="cx" style="display: block; padding: 0 10px"> $force = isset( $request['force'] ) ? (bool) $request['force'] : false;
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> // We don't support trashing for revisions.
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -232,7 +302,6 @@
</span><span class="cx" style="display: block; padding: 0 10px"> return new WP_Error( 'rest_trash_not_supported', __( 'Revisions do not support trashing. Set force=true to delete.' ), array( 'status' => 501 ) );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $revision = get_post( $request['id'] );
</del><span class="cx" style="display: block; padding: 0 10px"> $previous = $this->prepare_item_for_response( $revision, $request );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $result = wp_delete_post( $request['id'], true );
</span></span></pre></div>
<a id="branches47srcwpincludesrestapiendpointsclasswpresttaxonomiescontrollerphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-taxonomies-controller.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-taxonomies-controller.php 2017-01-26 13:40:17 UTC (rev 39956)
+++ branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-taxonomies-controller.php 2017-01-26 13:46:54 UTC (rev 39957)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -48,6 +48,12 @@
</span><span class="cx" style="display: block; padding: 0 10px"> ) );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<taxonomy>[\w-]+)', array(
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ 'args' => array(
+ 'taxonomy' => array(
+ 'description' => __( 'An alphanumeric identifier for the taxonomy.' ),
+ 'type' => 'string',
+ ),
+ ),
</ins><span class="cx" style="display: block; padding: 0 10px"> array(
</span><span class="cx" style="display: block; padding: 0 10px"> 'methods' => WP_REST_Server::READABLE,
</span><span class="cx" style="display: block; padding: 0 10px"> 'callback' => array( $this, 'get_item' ),
</span></span></pre></div>
<a id="branches47srcwpincludesrestapiendpointsclasswpresttermscontrollerphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php 2017-01-26 13:40:17 UTC (rev 39956)
+++ branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php 2017-01-26 13:46:54 UTC (rev 39957)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -96,6 +96,12 @@
</span><span class="cx" style="display: block; padding: 0 10px"> ) );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array(
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ 'args' => array(
+ 'id' => array(
+ 'description' => __( 'Unique identifier for the term.' ),
+ 'type' => 'integer',
+ ),
+ ),
</ins><span class="cx" style="display: block; padding: 0 10px"> array(
</span><span class="cx" style="display: block; padding: 0 10px"> 'methods' => WP_REST_Server::READABLE,
</span><span class="cx" style="display: block; padding: 0 10px"> 'callback' => array( $this, 'get_item' ),
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -108,7 +114,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> 'methods' => WP_REST_Server::EDITABLE,
</span><span class="cx" style="display: block; padding: 0 10px"> 'callback' => array( $this, 'update_item' ),
</span><span class="cx" style="display: block; padding: 0 10px"> 'permission_callback' => array( $this, 'update_item_permissions_check' ),
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
</ins><span class="cx" style="display: block; padding: 0 10px"> ),
</span><span class="cx" style="display: block; padding: 0 10px"> array(
</span><span class="cx" style="display: block; padding: 0 10px"> 'methods' => WP_REST_Server::DELETABLE,
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -288,6 +294,33 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Get the term, if the ID is valid.
+ *
+ * @since 4.7.2
+ *
+ * @param int $id Supplied ID.
+ * @return WP_Term|WP_Error Term object if ID is valid, WP_Error otherwise.
+ */
+ protected function get_term( $id ) {
+ $error = new WP_Error( 'rest_term_invalid', __( 'Term does not exist.' ), array( 'status' => 404 ) );
+
+ if ( ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) {
+ return $error;
+ }
+
+ if ( (int) $id <= 0 ) {
+ return $error;
+ }
+
+ $term = get_term( (int) $id, $this->taxonomy );
+ if ( empty( $term ) || $term->taxonomy !== $this->taxonomy ) {
+ return $error;
+ }
+
+ return $term;
+ }
+
+ /**
</ins><span class="cx" style="display: block; padding: 0 10px"> * Checks if a request has access to read or edit the specified term.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 4.7.0
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -297,11 +330,12 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return bool|WP_Error True if the request has read access for the item, otherwise false or WP_Error object.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function get_item_permissions_check( $request ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $tax_obj = get_taxonomy( $this->taxonomy );
- if ( ! $tax_obj || ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) {
- return false;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $term = $this->get_term( $request['id'] );
+ if ( is_wp_error( $term ) ) {
+ return $term;
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( 'edit' === $request['context'] && ! current_user_can( 'edit_term', (int) $request['id'] ) ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+ if ( 'edit' === $request['context'] && ! current_user_can( 'edit_term', $term->term_id ) ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit this term.' ), array( 'status' => rest_authorization_required_code() ) );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> return true;
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -317,13 +351,8 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function get_item( $request ) {
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $term = $this->get_term( $request['id'] );
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $term = get_term( (int) $request['id'], $this->taxonomy );
-
- if ( ! $term || $term->taxonomy !== $this->taxonomy ) {
- return new WP_Error( 'rest_term_invalid', __( "Term doesn't exist." ), array( 'status' => 404 ) );
- }
-
</del><span class="cx" style="display: block; padding: 0 10px"> if ( is_wp_error( $term ) ) {
</span><span class="cx" style="display: block; padding: 0 10px"> return $term;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -445,17 +474,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return bool|WP_Error True if the request has access to update the item, false or WP_Error object otherwise.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function update_item_permissions_check( $request ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
- if ( ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) {
- return false;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $term = $this->get_term( $request['id'] );
+ if ( is_wp_error( $term ) ) {
+ return $term;
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $term = get_term( (int) $request['id'], $this->taxonomy );
-
- if ( ! $term ) {
- return new WP_Error( 'rest_term_invalid', __( "Term doesn't exist." ), array( 'status' => 404 ) );
- }
-
</del><span class="cx" style="display: block; padding: 0 10px"> if ( ! current_user_can( 'edit_term', $term->term_id ) ) {
</span><span class="cx" style="display: block; padding: 0 10px"> return new WP_Error( 'rest_cannot_update', __( 'Sorry, you are not allowed to edit this term.' ), array( 'status' => rest_authorization_required_code() ) );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -473,6 +496,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function update_item( $request ) {
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $term = $this->get_term( $request['id'] );
+ if ( is_wp_error( $term ) ) {
+ return $term;
+ }
+
</ins><span class="cx" style="display: block; padding: 0 10px"> if ( isset( $request['parent'] ) ) {
</span><span class="cx" style="display: block; padding: 0 10px"> if ( ! is_taxonomy_hierarchical( $this->taxonomy ) ) {
</span><span class="cx" style="display: block; padding: 0 10px"> return new WP_Error( 'rest_taxonomy_not_hierarchical', __( 'Can not set parent term, taxonomy is not hierarchical.' ), array( 'status' => 400 ) );
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -487,8 +515,6 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $prepared_term = $this->prepare_item_for_database( $request );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $term = get_term( (int) $request['id'], $this->taxonomy );
-
</del><span class="cx" style="display: block; padding: 0 10px"> // Only update the term if we haz something to update.
</span><span class="cx" style="display: block; padding: 0 10px"> if ( ! empty( $prepared_term ) ) {
</span><span class="cx" style="display: block; padding: 0 10px"> $update = wp_update_term( $term->term_id, $term->taxonomy, wp_slash( (array) $prepared_term ) );
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -498,14 +524,14 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $term = get_term( (int) $request['id'], $this->taxonomy );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $term = get_term( $term->term_id, $this->taxonomy );
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /* This action is documented in lib/endpoints/class-wp-rest-terms-controller.php */
</span><span class="cx" style="display: block; padding: 0 10px"> do_action( "rest_insert_{$this->taxonomy}", $term, $request, false );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $schema = $this->get_item_schema();
</span><span class="cx" style="display: block; padding: 0 10px"> if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $meta_update = $this->meta->update_value( $request['meta'], (int) $request['id'] );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $meta_update = $this->meta->update_value( $request['meta'], $term->term_id );
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> if ( is_wp_error( $meta_update ) ) {
</span><span class="cx" style="display: block; padding: 0 10px"> return $meta_update;
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -535,16 +561,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return bool|WP_Error True if the request has access to delete the item, otherwise false or WP_Error object.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function delete_item_permissions_check( $request ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) {
- return false;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $term = $this->get_term( $request['id'] );
+ if ( is_wp_error( $term ) ) {
+ return $term;
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $term = get_term( (int) $request['id'], $this->taxonomy );
-
- if ( ! $term ) {
- return new WP_Error( 'rest_term_invalid', __( "Term doesn't exist." ), array( 'status' => 404 ) );
- }
-
</del><span class="cx" style="display: block; padding: 0 10px"> if ( ! current_user_can( 'delete_term', $term->term_id ) ) {
</span><span class="cx" style="display: block; padding: 0 10px"> return new WP_Error( 'rest_cannot_delete', __( 'Sorry, you are not allowed to delete this term.' ), array( 'status' => rest_authorization_required_code() ) );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -562,6 +583,10 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function delete_item( $request ) {
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $term = $this->get_term( $request['id'] );
+ if ( is_wp_error( $term ) ) {
+ return $term;
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $force = isset( $request['force'] ) ? (bool) $request['force'] : false;
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -570,8 +595,6 @@
</span><span class="cx" style="display: block; padding: 0 10px"> return new WP_Error( 'rest_trash_not_supported', __( 'Terms do not support trashing. Set force=true to delete.' ), array( 'status' => 501 ) );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $term = get_term( (int) $request['id'], $this->taxonomy );
-
</del><span class="cx" style="display: block; padding: 0 10px"> $request->set_param( 'context', 'view' );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $previous = $this->prepare_item_for_response( $term, $request );
</span></span></pre></div>
<a id="branches47srcwpincludesrestapiendpointsclasswprestuserscontrollerphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php 2017-01-26 13:40:17 UTC (rev 39956)
+++ branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php 2017-01-26 13:46:54 UTC (rev 39957)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -65,6 +65,12 @@
</span><span class="cx" style="display: block; padding: 0 10px"> ) );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array(
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ 'args' => array(
+ 'id' => array(
+ 'description' => __( 'Unique identifier for the user.' ),
+ 'type' => 'integer',
+ ),
+ ),
</ins><span class="cx" style="display: block; padding: 0 10px"> array(
</span><span class="cx" style="display: block; padding: 0 10px"> 'methods' => WP_REST_Server::READABLE,
</span><span class="cx" style="display: block; padding: 0 10px"> 'callback' => array( $this, 'get_item' ),
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -326,6 +332,28 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Get the user, if the ID is valid.
+ *
+ * @since 4.7.2
+ *
+ * @param int $id Supplied ID.
+ * @return WP_User|WP_Error True if ID is valid, WP_Error otherwise.
+ */
+ protected function get_user( $id ) {
+ $error = new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
+ if ( (int) $id <= 0 ) {
+ return $error;
+ }
+
+ $user = get_userdata( (int) $id );
+ if ( empty( $user ) || ! $user->exists() ) {
+ return $error;
+ }
+
+ return $user;
+ }
+
+ /**
</ins><span class="cx" style="display: block; padding: 0 10px"> * Checks if a given request has access to read a user.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 4.7.0
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -335,22 +363,20 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return true|WP_Error True if the request has read access for the item, otherwise WP_Error object.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function get_item_permissions_check( $request ) {
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $user = $this->get_user( $request['id'] );
+ if ( is_wp_error( $user ) ) {
+ return $user;
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $id = (int) $request['id'];
- $user = get_userdata( $id );
</del><span class="cx" style="display: block; padding: 0 10px"> $types = get_post_types( array( 'show_in_rest' => true ), 'names' );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( empty( $id ) || empty( $user->ID ) ) {
- return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
- }
-
- if ( get_current_user_id() === $id ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( get_current_user_id() === $user->ID ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> return true;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) {
</span><span class="cx" style="display: block; padding: 0 10px"> return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) );
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- } elseif ( ! count_user_posts( $id, $types ) && ! current_user_can( 'edit_user', $id ) && ! current_user_can( 'list_users' ) ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ } elseif ( ! count_user_posts( $user->ID, $types ) && ! current_user_can( 'edit_user', $user->ID ) && ! current_user_can( 'list_users' ) ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -367,11 +393,9 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function get_item( $request ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $id = (int) $request['id'];
- $user = get_userdata( $id );
-
- if ( empty( $id ) || empty( $user->ID ) ) {
- return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $user = $this->get_user( $request['id'] );
+ if ( is_wp_error( $user ) ) {
+ return $user;
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $user = $this->prepare_item_for_response( $user, $request );
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -541,10 +565,12 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function update_item_permissions_check( $request ) {
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $user = $this->get_user( $request['id'] );
+ if ( is_wp_error( $user ) ) {
+ return $user;
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $id = (int) $request['id'];
-
- if ( ! current_user_can( 'edit_user', $id ) ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( ! current_user_can( 'edit_user', $user->ID ) ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this user.' ), array( 'status' => rest_authorization_required_code() ) );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -565,9 +591,13 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function update_item( $request ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $id = (int) $request['id'];
- $user = get_userdata( $id );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $user = $this->get_user( $request['id'] );
+ if ( is_wp_error( $user ) ) {
+ return $user;
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $id = $user->ID;
+
</ins><span class="cx" style="display: block; padding: 0 10px"> if ( ! $user ) {
</span><span class="cx" style="display: block; padding: 0 10px"> return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -681,10 +711,12 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function delete_item_permissions_check( $request ) {
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $user = $this->get_user( $request['id'] );
+ if ( is_wp_error( $user ) ) {
+ return $user;
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $id = (int) $request['id'];
-
- if ( ! current_user_can( 'delete_user', $id ) ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( ! current_user_can( 'delete_user', $user->ID ) ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> return new WP_Error( 'rest_user_cannot_delete', __( 'Sorry, you are not allowed to delete this user.' ), array( 'status' => rest_authorization_required_code() ) );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -705,8 +737,12 @@
</span><span class="cx" style="display: block; padding: 0 10px"> if ( is_multisite() ) {
</span><span class="cx" style="display: block; padding: 0 10px"> return new WP_Error( 'rest_cannot_delete', __( 'The user cannot be deleted.' ), array( 'status' => 501 ) );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $user = $this->get_user( $request['id'] );
+ if ( is_wp_error( $user ) ) {
+ return $user;
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $id = (int) $request['id'];
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $id = $user->ID;
</ins><span class="cx" style="display: block; padding: 0 10px"> $reassign = false === $request['reassign'] ? null : absint( $request['reassign'] );
</span><span class="cx" style="display: block; padding: 0 10px"> $force = isset( $request['force'] ) ? (bool) $request['force'] : false;
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -715,12 +751,6 @@
</span><span class="cx" style="display: block; padding: 0 10px"> return new WP_Error( 'rest_trash_not_supported', __( 'Users do not support trashing. Set force=true to delete.' ), array( 'status' => 501 ) );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $user = get_userdata( $id );
-
- if ( ! $user ) {
- return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
- }
-
</del><span class="cx" style="display: block; padding: 0 10px"> if ( ! empty( $reassign ) ) {
</span><span class="cx" style="display: block; padding: 0 10px"> if ( $reassign === $id || ! get_userdata( $reassign ) ) {
</span><span class="cx" style="display: block; padding: 0 10px"> return new WP_Error( 'rest_user_invalid_reassign', __( 'Invalid user ID for reassignment.' ), array( 'status' => 400 ) );
</span></span></pre></div>
<a id="branches47srcwpincludesrestapiphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/4.7/src/wp-includes/rest-api.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/4.7/src/wp-includes/rest-api.php 2017-01-26 13:40:17 UTC (rev 39956)
+++ branches/4.7/src/wp-includes/rest-api.php 2017-01-26 13:46:54 UTC (rev 39957)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -46,6 +46,13 @@
</span><span class="cx" style="display: block; padding: 0 10px"> return false;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( isset( $args['args'] ) ) {
+ $common_args = $args['args'];
+ unset( $args['args'] );
+ } else {
+ $common_args = array();
+ }
+
</ins><span class="cx" style="display: block; padding: 0 10px"> if ( isset( $args['callback'] ) ) {
</span><span class="cx" style="display: block; padding: 0 10px"> // Upgrade a single set to multiple.
</span><span class="cx" style="display: block; padding: 0 10px"> $args = array( $args );
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -57,12 +64,13 @@
</span><span class="cx" style="display: block; padding: 0 10px"> 'args' => array(),
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> foreach ( $args as $key => &$arg_group ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( ! is_numeric( $arg_group ) ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( ! is_numeric( $key ) ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> // Route option, skip here.
</span><span class="cx" style="display: block; padding: 0 10px"> continue;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $arg_group = array_merge( $defaults, $arg_group );
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $arg_group['args'] = array_merge( $common_args, $arg_group['args'] );
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $full_route = '/' . trim( $namespace, '/' ) . '/' . trim( $route, '/' );
</span></span></pre></div>
<a id="branches47testsphpunittestsrestapirestattachmentscontrollerphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/4.7/tests/phpunit/tests/rest-api/rest-attachments-controller.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/4.7/tests/phpunit/tests/rest-api/rest-attachments-controller.php 2017-01-26 13:40:17 UTC (rev 39956)
+++ branches/4.7/tests/phpunit/tests/rest-api/rest-attachments-controller.php 2017-01-26 13:46:54 UTC (rev 39957)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -182,7 +182,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> $data = $response->get_data();
</span><span class="cx" style="display: block; padding: 0 10px"> $keys = array_keys( $data['endpoints'][0]['args'] );
</span><span class="cx" style="display: block; padding: 0 10px"> sort( $keys );
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $this->assertEquals( array( 'context' ), $keys );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $this->assertEquals( array( 'context', 'id' ), $keys );
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> public function test_get_items() {
</span></span></pre></div>
<a id="branches47testsphpunittestsrestapirestcommentscontrollerphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/4.7/tests/phpunit/tests/rest-api/rest-comments-controller.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/4.7/tests/phpunit/tests/rest-api/rest-comments-controller.php 2017-01-26 13:40:17 UTC (rev 39956)
+++ branches/4.7/tests/phpunit/tests/rest-api/rest-comments-controller.php 2017-01-26 13:46:54 UTC (rev 39957)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -835,7 +835,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> $request = new WP_REST_Request( 'GET', '/wp/v2/comments/' . $comment_id );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $response = $this->server->dispatch( $request );
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $this->assertErrorResponse( 'rest_cannot_read', $response, 401 );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $this->assertErrorResponse( 'rest_post_invalid_id', $response, 404 );
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> public function test_get_comment_invalid_post_id_as_admin() {
</span></span></pre></div>
<a id="branches47testsphpunittestsrestapirestpostscontrollerphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/4.7/tests/phpunit/tests/rest-api/rest-posts-controller.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/4.7/tests/phpunit/tests/rest-api/rest-posts-controller.php 2017-01-26 13:40:17 UTC (rev 39956)
+++ branches/4.7/tests/phpunit/tests/rest-api/rest-posts-controller.php 2017-01-26 13:46:54 UTC (rev 39957)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -127,7 +127,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> $data = $response->get_data();
</span><span class="cx" style="display: block; padding: 0 10px"> $keys = array_keys( $data['endpoints'][0]['args'] );
</span><span class="cx" style="display: block; padding: 0 10px"> sort( $keys );
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $this->assertEquals( array( 'context', 'password' ), $keys );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $this->assertEquals( array( 'context', 'id', 'password' ), $keys );
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> public function test_get_items() {
</span></span></pre></div>
<a id="branches47testsphpunittestsrestapirestuserscontrollerphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/4.7/tests/phpunit/tests/rest-api/rest-users-controller.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/4.7/tests/phpunit/tests/rest-api/rest-users-controller.php 2017-01-26 13:40:17 UTC (rev 39956)
+++ branches/4.7/tests/phpunit/tests/rest-api/rest-users-controller.php 2017-01-26 13:46:54 UTC (rev 39957)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1849,12 +1849,6 @@
</span><span class="cx" style="display: block; padding: 0 10px"> $request->set_param( 'reassign', false );
</span><span class="cx" style="display: block; padding: 0 10px"> $response = $this->server->dispatch( $request );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- // Not implemented in multisite.
- if ( is_multisite() ) {
- $this->assertErrorResponse( 'rest_cannot_delete', $response, 501 );
- return;
- }
-
</del><span class="cx" style="display: block; padding: 0 10px"> $this->assertErrorResponse( 'rest_user_invalid_id', $response, 404 );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span></span></pre>
</div>
</div>
</body>
</html>